I recently learned that every packet includes checksum bytes and that the comput
ID: 659906 • Letter: I
Question
I recently learned that every packet includes checksum bytes and that the computer will request the packet again if the checksums don't match. How do the following attacks defeat such a safeguard?
ARP Spoofing - I assume that this is able to take place because the attacker is not actually modifying the packet contents, just intercepting them in transit and then relaying them to the original, intended recipient. Am I correct?
Insertion Attacks (via ARP spoofing) - By insertion attacks I'm referring to text and image replacement and substitution. In this instance, while the attacker performs the same type of attack as above, I know he must be modifying the packet's content (changing text or images). So why doesn't the recipient reject the packet?
Can checksums be recalculated or regenerated after the packet is modified?
Explanation / Answer
Packet checksums are not cryptographic measures, and are not intended to be a security feature. Anyone (even an attacker) can calculate the checksum for a packet containing anything, and there's no secrets/keys involved in the calculation.
Checksums are intended to catch errors during the transmission of the packet: flipped bits, miscommunication, etc. Basically, they're there for reliability, not security.